Debian-LTS has issued an advisory on July 8: https://www.debian.org/lts/security/2021/dla-2705 The issues are actually from a bundled library called ezXML which is also in netcdf, and there are more CVEs listed in this bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
This has no registered nor consistent maintainer, so assigning globally. CC'ing pterjan & akien who have both done several recent updates to it.
Assignee: bugsquad => pkg-bugs
CC: (none) => pterjan, rverschelde
openSUSE has issued an advisory for this on November 25: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DM4S3HXSBD3QQY6J6J2S4KVWTO63OS7U/
For Mageia8, netcdf-4.7.4-3.1.mga8, which includes the patches from openSUSE, should solve the problem. For Cauldron, netcdf fails to build because of some tests.
CC: (none) => nicolas.salguero
Looks like "nc_test" is the failure. Mageia 8 packages: libnetcdf18-4.7.4-3.1.mga8 libnetcdf-devel-4.7.4-3.1.mga8 netcdf-4.7.4-3.1.mga8
Status comment: (none) => Test suite failure in Cauldron
latest netcdf is on cauldron.
Assignee: pkg-bugs => qa-bugs
Status comment: Test suite failure in Cauldron => (none)
CC: (none) => mageia
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues. No wiki, no previous updates, reading description of netcdf in MCC: "NetCDF (network Common Data Form) is an interface for array-oriented data access and a freely-distributed collection of software libraries for C, Fortran, C++, and perl that provides an implementation of the interface." OK'ing this on clean install as we do for other developer's stuff.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0580.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED